Re: [vpp-dev] How to configure network between different namespaces using hoststack

2019-12-05 Thread wanghanlin 






Hi Florin,
Okay, regarding first question,  the following is the detailed use case:I have one 82599 nic in my Linux host. Then I allocate two VF interfaces through SRIOV,  one VF place into a Linux namespace N1 and assign IP address 192.168.1.2/24, another VF place into VPP.  I have three applications (just called APP1, APP2, APP3) communicating with each other, and each application must get the source IP address (not 0.0.0.0) after accept for a connect request.APP1 run in Linux namespce N1 and use IP address 192.168.1.2/24. APP2 run in Linux namespace N2 and use IP address 192.168.1.3/24. APP3 run in Linux namespace N3 and use IP address 192.168.1.4/24.  And finally, APP2 and APP3 need to run based LDP.Let's summarize:APP1, N1, 192.168.1.2/24, outside VPPAPP2, N2, 192.168.1.3/24, inside VPPAPP3, N3, 192.168.1.4/24, inside VPPThen, my question is how to configure 192.168.1.3/24 and 192.168.1.4/24 in VPP?Thanks & Regards,Hanlin


 










wanghanlin







wanghan...@corp.netease.com








签名由
网易邮箱大师
定制

 

On 12/6/2019 03:56,Florin Coras wrote: 


Hi Hanlin, Inline.On Dec 4, 2019, at 1:59 AM, wanghanlin  wrote:Hi Florin,Thanks for your patient reply.  Still I have some doubt inline.wanghanlinwanghan...@corp.netease.com签名由 网易邮箱大师 定制On 11/30/2019 02:47,Florin Coras wrote: Hi Hanlin, Inline. On Nov 29, 2019, at 7:12 AM, wanghanlin  wrote:Hi Florin,Thanks for your reply.I just consider a very simple use case. Some apps in different containers communicate through VPP, just in a L2 bridge domain.  Without hoststack,  we may add some host-interfaces in one bridge domain, and assign IP address of veth interface in containers. In addition, a physical nic also added in same bridge domain to communicate with other hosts.But with hoststack, things seem complicated because we have to assign IP address inside VPP.  FC: Yes, with host stack transport protocols are terminated in vpp, therefore the interfaces must have IPs. Do you need network access to the container’s linux stack for other applications, i.e., do you need IPs in the container as well? Also, can’t you give the interfaces /32 IPs?Hanlin:I need not access to contaner's linux stack now, I think I can create another host-interface with another IP if needed.  Also,  if I give the interfaces /32 IPs, then how to communicate with each other and external hosts?  FC: I’m not sure I understand the question. I’m inclined to say vpp routing and/or cut-through sessions, but it feels like I’m missing some point you were trying to make. As an alternative, I assign multiple /24 IPs to one interface, then two applications can communicate with each other and external hosts,  but can only get 0.0.0.0/0 source address at accept time when communicating with each other. Maybe I should bind to a IP before connect if I want to get this specified IP? FC: If you use /24 for the interface then, if you want a unique local IPs for each app, you should use an explicit source ip in the connect (see vppcom_session_attr and VPPCOM_ATTR_SET_LCL_ADDR).I hope apps can communicate with each other and with external hosts in the same vrf and source ip is enforced and not changed during communication.  If not, can multiple vrfs achieve this?FC:  If applications are attached to the same app namespace, then you could leverage cut-through connections if you enable local scope connections at attachment time (see slides 17 and 18 here [1]). Cut-through sessions are “connected” at session layer, so they don’t pass through the IP fib.Hanlin:Can local scope and global scope enable simultaneously? ie, some connections use local scope and others use  global scope simultaneously.FC: Yes, you can. Otherwise, connectivity between the apps is established via intra-vrf or inter-vrf routing. Intra-vrf you don’t need to configure anything more, inter-vrf you need to add additional routes. For external hosts, you need routes to them in the vrfs. Hanlin:Inter-vrf leaking seems to not work when multiple vrf have same subnet IPs. In test/test_vcl.py,  two vrf table have different subnet IPs.FC: Yes, that’s true. Let’s clarify your first question and see which of the two options (multiple /32 interfaces or a /24 one) works. Regards, FlorinWhat we call “local” IPs for a connection are assigned at connect/accept time and they do not change. Wh

[vpp-dev] Should the inactive slave of a bond(active-backet mode) handler incoming packets? #vapi #vnet #vpp

2019-12-05 Thread gencli 
Hi:
I met this problem:
- TenGigabitEthernet3b/0/1(active) --- | port a       port c  |
*VTEP* (vxlan)--- *bridge domain* -- *BondEthernet0* --- /              
                                                                         |      
  switch          |
\___ TenGigabitEthernet3b/0/0(passive) ---| port b       port d  |

When a *ARP Request* come from *VTEP* and output from 
TenGigabitEthernet3b/0/1(active) , be transfered to "port A of switch", in 
switch it will be flooded to "port B/C/D of switch"。
"Port B of switch" will send it back to TenGigabitEthernet3b/0/0(inactive) , 
then to *BondEthernet0* 。If bond-input do not drop this packet, loopback 
happen!(MAC address flapping )

In my test, when *ARP Request* loopback from bond's inactive slave interface, 
the bond-input graph node will put it to L2 bridge(do L2 learn...), then MAC 
address flapping happen! So the corresponding ARP Reply come from 
TenGigabitEthernet3b/0/1(active) will be dropped in L2 bridge!
So should these packets come from TenGigabitEthernet3b/0/0(passive) be dropped 
? or What wrong config did I have? ro  
Please tell me, thanks!

I use VPP's stable version 19.08 and do some config like this:
1. I create a bond interface and set bond mode as “active-backup”;
2. I add two phy port in bond as bond’s slavies;
3. I set all of the three interface up;

after do these configures, I run " *show bond details* ":
vpp# show bond details
BondEthernet0
mode: active-backup
load balance: active-backup
number of active slaves: 2
*TenGigabitEthernet3b/0/1*
*TenGigabitEthernet3b/0/0*
number of slaves: 2
TenGigabitEthernet3b/0/0
TenGigabitEthernet3b/0/1
device instance: 0
interface id: 0
sw_if_index: 3
hw_if_index: 3

We know that, BondEthernet0's two slaves:
TenGigabitEthernet3b/0/1 --- active
TenGigabitEthernet3b/0/0 ---  passive

When I use “trace add dpdk-input  100、show trace” to see how packets be 
processed. I see the packets which input frome 
TenGigabitEthernet3b/0/0(passive) still processed by vpp(such as "l2_learn").
Shouldn't these packets just be droped on bond-input graph node?

Thanks!
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14819): https://lists.fd.io/g/vpp-dev/message/14819
Mute This Topic: https://lists.fd.io/mt/67407029/21656
Mute #vnet: https://lists.fd.io/mk?hashtag=vnet&subid=1480452
Mute #vpp: https://lists.fd.io/mk?hashtag=vpp&subid=1480452
Mute #vapi: https://lists.fd.io/mk?hashtag=vapi&subid=1480452
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] Did anything ever make vpp's native ipsec stack (ia32) work with dpdk/phy nic?

2019-12-05 Thread Damjan Marion via Lists.Fd.Io 

Hi Chuan,

You need to specify salt for GCM to work in static config.

i.e.
ipsec sa add 1 spi 255129 esp crypto-key 
0123456789012345678901234567890101234567890123456789012345678901 crypto-alg 
aes-gcm-256 salt 0x12345678
 
LMK if this helps...

-- 
Damjan


> On 27 Nov 2019, at 15:16, Chuan Han  wrote:
> 
> I switched cipher from aes-gcm to aes-cbc. native stack works. it seems the 
> issue is related to aes-gcm cipher support in native stack? Probably some 
> integration bug between aes-gcm and native stack? 
> 
> On Tue, Nov 19, 2019 at 10:42 AM Chuan Han via Lists.Fd.Io 
>   > wrote:
> Hi, Damjan, 
> 
> See attachment for detailed logs. no.vdev.xxx files contain the log for the 
> case where vdev is commented out. v.dev.xxx files contain logs for the case 
> where vdev is enabled. 
> 
> I pinged srv-1 from srv-2, i.e., 172.16.2.2 -> 172.16.1.2.
> 
> When vdev is removed, the srv-1 cannot decrypt the esp pkts. When vdev is 
> enabled, I can see srv-1 decrypted esp pkts and ping worked fine. 
> 
> Thanks.
> Chuan
> 
> 
> On Tue, Nov 19, 2019 at 2:08 AM Damjan Marion  > wrote:
> Hi Chuan,
> 
> Please note that we have daily run of IPSec performance tests in CSIT with 
> VPP running on the physical NIC with DPDK drivers.
> Also please note that every VPP patch is passing unit tests with IETF and 
> NIST test encryption vectors.
> 
> Other comments inline….
> 
> 
> > On 18 Nov 2019, at 23:48, Chuan Han via Lists.Fd.Io  
> > mailto:google@lists.fd.io>> wrote:
> > 
> > Hi, vpp experts,
> > 
> > I was told that vpp's native ipsec stack is stabler and more performant. We 
> > can enable it by commenting out the vdev line in dpdk stanza. 
> > 
> > However, when I did so, ipsec decryption failed. 
> > 
> > Ex:
> > # commenting out this line makes decryption fail. 
> > vdev crypto_aesni_mb0,socket_id=0
> 
> Have you validated that in your working case, packets are decrypted correctly?
> Can you share packet trace for both cases?
> 
> > 
> > Did anyone ever make native ipsec stack, i.e., ia32 work with dpdk/phy nic?
> 
> yes, it is tested and working on the daily basis.
> > 
> > The interesting thing is no matter whether I comment out the vdev line or 
> > not, ia32 is shown as the active crypto handler for aes-gcm-256. Does this 
> > mean ia32 is used by both cases? 
> > 
> > vpp# sh crypto engines 
> > NamePrioDescription
> > ia32100 Intel IA32 ISA Optimized Crypto
> > ipsecmb 80  Intel(R) Multi-Buffer Crypto for IPsec Library 
> > 0.52.0
> > openssl 50  OpenSSL
> > vpp# sh crypto handlers 
> > AlgoTypeActive  Candidates
> > (nil)   
> > des-cbc encrypt openssl openssl 
> > decrypt openssl openssl 
> > 3des-cbcencrypt openssl openssl 
> > decrypt openssl openssl 
> > aes-128-cbc encrypt ia32ia32 ipsecmb 
> > openssl 
> > decrypt ia32ia32 ipsecmb 
> > openssl 
> > aes-192-cbc encrypt ia32ia32 ipsecmb 
> > openssl 
> > decrypt ia32ia32 ipsecmb 
> > openssl 
> > aes-256-cbc encrypt ia32ia32 ipsecmb 
> > openssl 
> > decrypt ia32ia32 ipsecmb 
> > openssl 
> > aes-128-ctr encrypt openssl openssl 
> > decrypt openssl openssl 
> > aes-192-ctr encrypt openssl openssl 
> > decrypt openssl openssl 
> > aes-256-ctr encrypt openssl openssl 
> > decrypt openssl openssl 
> > aes-128-gcm aead-encryptia32ia32 ipsecmb 
> > openssl 
> > aead-decryptia32ia32 ipsecmb 
> > openssl 
> > aes-192-gcm aead-encryptia32ia32 ipsecmb 
> > openssl 
> > aead-decryptia32ia32 ipsecmb 
> > openssl 
> > aes-256-gcm aead-encryptia32ia32 ipsecmb 
> > openssl 
> > aead-decryptia32ia32 ipsecmb 
> > openssl 
> > hmac-md5hmacopenssl openssl 
> > hmac-sha-1  hmacipsecmb ipsecmb openssl 
> > hmac-sha-224hmacipsecmb ipsecmb openssl 
> > hmac-sha-256hmacipsecmb ipsecmb openssl 
> > hmac-sha-384hmacipsecmb

Re: [vpp-dev] How to configure network between different namespaces using hoststack

2019-12-05 Thread Florin Coras 
Hi Hanlin, 

Inline.

> On Dec 4, 2019, at 1:59 AM, wanghanlin  wrote:
> 
> Hi Florin,
> 
> Thanks for your patient reply.  Still I have some doubt inline.
> 
>   
> wanghanlin
> 
> wanghan...@corp.netease.com
>  
> 
> 签名由 网易邮箱大师  定制
> On 11/30/2019 02:47,Florin Coras 
>  wrote: 
> Hi Hanlin, 
> 
> Inline. 
> 
>> On Nov 29, 2019, at 7:12 AM, wanghanlin > > wrote:
>> 
>> Hi Florin,
>> Thanks for your reply.
>> I just consider a very simple use case. Some apps in different containers 
>> communicate through VPP, just in a L2 bridge domain.  
>> Without hoststack,  we may add some host-interfaces in one bridge domain, 
>> and assign IP address of veth interface in containers. In addition, a 
>> physical nic also added in same bridge domain to communicate with other 
>> hosts.
>> But with hoststack, things seem complicated because we have to assign IP 
>> address inside VPP.  
> 
> FC: Yes, with host stack transport protocols are terminated in vpp, therefore 
> the interfaces must have IPs. Do you need network access to the container’s 
> linux stack for other applications, i.e., do you need IPs in the container as 
> well? Also, can’t you give the interfaces /32 IPs?
> 
> Hanlin:I need not access to contaner's linux stack now, I think I can create 
> another host-interface with another IP if needed.  Also,  if I give the 
> interfaces /32 IPs, then how to communicate with each other and external 
> hosts?  

FC: I’m not sure I understand the question. I’m inclined to say vpp routing 
and/or cut-through sessions, but it feels like I’m missing some point you were 
trying to make. 

> As an alternative, I assign multiple /24 IPs to one interface, then two 
> applications can communicate with each other and external hosts,  but can 
> only get 0.0.0.0/0 source address at accept time when communicating with each 
> other. Maybe I should bind to a IP before connect if I want to get this 
> specified IP? 

FC: If you use /24 for the interface then, if you want a unique local IPs for 
each app, you should use an explicit source ip in the connect (see 
vppcom_session_attr and VPPCOM_ATTR_SET_LCL_ADDR).

> 
>> I hope apps can communicate with each other and with external hosts in the 
>> same vrf and source ip is enforced and not changed during communication.  If 
>> not, can multiple vrfs achieve this?
> 
> FC:  If applications are attached to the same app namespace, then you could 
> leverage cut-through connections if you enable local scope connections at 
> attachment time (see slides 17 and 18 here [1]). Cut-through sessions are 
> “connected” at session layer, so they don’t pass through the IP fib.
> 
> Hanlin:Can local scope and global scope enable simultaneously? ie, some 
> connections use local scope and others use  global scope simultaneously.

FC: Yes, you can. 

> 
> Otherwise, connectivity between the apps is established via intra-vrf or 
> inter-vrf routing. Intra-vrf you don’t need to configure anything more, 
> inter-vrf you need to add additional routes. For external hosts, you need 
> routes to them in the vrfs. 
> 
> Hanlin:Inter-vrf leaking seems to not work when multiple vrf have same subnet 
> IPs. In test/test_vcl.py,  two vrf table have different subnet IPs.

FC: Yes, that’s true. Let’s clarify your first question and see which of the 
two options (multiple /32 interfaces or a /24 one) works. 

Regards, 
Florin

> 
> What we call “local” IPs for a connection are assigned at connect/accept time 
> and they do not change. When connecting, we use the first IP of an interface 
> that has a route to the destination and on accept, we use the dst IP on the 
> SYN packet. 
> 
> Regards,
> Florin
> 
> [1] https://wiki.fd.io/images/9/9c/Vpp-hoststack-kc-eu19.pdf 
> 
> 
>>  
>> Thanks,
>> Hanlin
>> -=-=-=-=-=-=-=-=-=-=-=-
>> Links: You receive all messages sent to this group.
>> 
>> View/Reply Online (#14737): https://lists.fd.io/g/vpp-dev/message/14737 
>> 
>> Mute This Topic: https://lists.fd.io/mt/64106592/675152 
>> 
>> Group Owner: vpp-dev+ow...@lists.fd.io 
>> Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub 
>>   [fcoras.li...@gmail.com 
>> ]
>> -=-=-=-=-=-=-=-=-=-=-=-
> 
> 

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14817): https://lists.fd

Re: [vpp-dev] efficient use of DPDK

2019-12-05 Thread Honnappa Nagarahalli 


> >
> > Actually native drivers (like Mellanox or AVF) can be faster w/o buffer
> > conversion and tend to be faster than when used by DPDK. I suspect VPP 
> is
> not
> > the only project to report this extra cost.
> It would be good to know other projects that report this extra cost. It 
> will
> help support changes to DPDK.
> [JT] I may be wrong but I think there was a presentation about that last week
> during DPDK user conf in the US.
That was from me using VPP as an example.  I am trying to explore solutions in 
DPDK to bridge the gap between native drivers and DPDK, assuming such 
situations exist in other applications (which could be private) too.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14816): https://lists.fd.io/g/vpp-dev/message/14816
Mute This Topic: https://lists.fd.io/mt/65218320/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] efficient use of DPDK

2019-12-05 Thread Jerome Tollet via Lists.Fd.Io 
inlined

Le 05/12/2019 09:03, « vpp-dev@lists.fd.io au nom de Honnappa Nagarahalli » 
 a écrit :



> -Original Message-
> From: vpp-dev@lists.fd.io  On Behalf Of Jerome 
Tollet via
> Lists.Fd.Io
> Sent: Wednesday, December 4, 2019 9:33 AM
> To: tho...@monjalon.net
> Cc: vpp-dev@lists.fd.io
> Subject: Re: [vpp-dev] efficient use of DPDK
>
> Actually native drivers (like Mellanox or AVF) can be faster w/o buffer
> conversion and tend to be faster than when used by DPDK. I suspect VPP is 
not
> the only project to report this extra cost.
It would be good to know other projects that report this extra cost. It 
will help support changes to DPDK.
[JT] I may be wrong but I think there was a presentation about that last week 
during DPDK user conf in the US.

> Jerome
>
> Le 04/12/2019 15:43, « Thomas Monjalon »  a écrit :
>
> 03/12/2019 22:11, Jerome Tollet (jtollet):
> > Thomas,
> > I am afraid you may be missing the point. VPP is a framework where 
plugins
> are first class citizens. If a plugin requires leveraging offload (inline 
or
> lookaside), it is more than welcome to do it.
> > There are multiple examples including hw crypto accelerators
> 
(https://software.intel.com/en-us/articles/get-started-with-ipsec-acceleration-
> in-the-fdio-vpp-project).
>
> OK I understand plugins are open.
> My point was about the efficiency of the plugins,
> given the need for buffer conversion.
> If some plugins are already efficient enough, great:
> it means there is no need for bringing effort in native VPP drivers.
>
>
> > Le 03/12/2019 17:07, « vpp-dev@lists.fd.io au nom de Thomas Monjalon
> »  a écrit :
> >
> > 03/12/2019 13:12, Damjan Marion:
> > > > On 3 Dec 2019, at 09:28, Thomas Monjalon 

> wrote:
> > > > 03/12/2019 00:26, Damjan Marion:
> > > >>
> > > >> Hi THomas!
> > > >>
> > > >> Inline...
> > > >>
> > >  On 2 Dec 2019, at 23:35, Thomas Monjalon
>  wrote:
> > > >>>
> > > >>> Hi all,
> > > >>>
> > > >>> VPP has a buffer called vlib_buffer_t, while DPDK has 
rte_mbuf.
> > > >>> Are there some benchmarks about the cost of converting, 
from one
> format
> > > >>> to the other one, during Rx/Tx operations?
> > > >>
> > > >> We are benchmarking both dpdk i40e PMD performance and 
native
> VPP AVF driver performance and we are seeing significantly better
> performance with native AVF.
> > > >> If you taake a look at [1] you will see that DPDK i40e 
driver provides
> 18.62 Mpps and exactly the same test with native AVF driver is giving us 
arounf
> 24.86 Mpps.
> > [...]
> > > >>
> > > >>> So why not improving DPDK integration in VPP to make it 
faster?
> > > >>
> > > >> Yes, if we can get freedom to use parts of DPDK we want 
instead of
> being forced to adopt whole DPDK ecosystem.
> > > >> for example, you cannot use dpdk drivers without using EAL,
> mempool, rte_mbuf... rte_eal_init is monster which I was hoping that it 
will
> disappear for long time...
> > > >
> > > > You could help to improve these parts of DPDK,
> > > > instead of spending time to try implementing few drivers.
> > > > Then VPP would benefit from a rich driver ecosystem.
> > >
> > > Thank you for letting me know what could be better use of my 
time.
> >
> > "You" was referring to VPP developers.
> > I think some other Cisco developers are also contributing to 
VPP.
> >
> > > At the moment we have good coverage of native drivers, and 
still there
> is a option for people to use dpdk. It is now mainly up to driver vendors 
to
> decide if they are happy with performance they wil get from dpdk pmd or 
they
> want better...
> >
> > Yes it is possible to use DPDK in VPP with degraded performance.
> > If an user wants best performance with VPP and a real NIC,
> > a new driver must be implemented for VPP only.
> >
> > Anyway real performance benefits are in hardware device offloads
> > which will be hard to implement in VPP native drivers.
> > Support (investment) would be needed from vendors to make it 
happen.
> > About offloads, VPP is not using crypto or compression drivers
> > that DPDK provides (plus regex coming).
> >
> > VPP is a CPU-based packet processing software.
> > If users want to leverage hardware device offloads,
> > a trul

Re: [vpp-dev] vector size issue with Multi threaded VPP

2019-12-05 Thread Shiva Shankar 
Hi Satya,
Can you share the output  of “sh runtime” and  “sh int rx placement”?

Also, what does sh trace says?

Shiva

Shiva

On Thu, 5 Dec 2019 at 20:59, Satya Murthy  wrote:

> Retrying my luck once again.
>
> Hi,
>
> We are facing a strange problem when we moved from single worker to multi
> worker VPP.
>
> Our application plugin registers for a specific udp port and gets the
> packets from udp_local node.
>
> In Single Worker VPP:
> 
> We see that our app-plugin-node is receiving frames of bigger vector size
> ( most of the times 256 ), which is resulting is good performance figures.
>
> In Multi Worker VPP: ( 2 workers )
> ==
> Though we have two workers here, we are receiving udp packets from one
> worker only ( based on our rx-placement ).
> With this model, we thought our performance would be atleast equal to the
> single worker mode, but we are seeing degraded performance.
> In this mode, we see that, our app-plugin-node is receiving frames with
> vector size as 1 ( most of the times ), due to which, we are seeing
> degraded performance figures, we believe.
> We checked the underlying udp-local node, and observed that, it is always
> receiving frames of vector sizes 256 and 99.99% of these frames belong to
> our plugin related udp port. Hence, they all are sent to our
> app-plugin-node. But these packets are received by our node with vector
> size as 1, in each frame, which is causing an issue.
>
> We are using exact same test tool to pump the traffic in both single and
> multi thread VPP models.
>
> Is there anything that we need to do to avoid vector sizes as 1 in this
> case ?
> Also, any reason why this behavior is seen only when we have multi
> workers, even though the other worker is not really tampering with any of
> the packets that we are dealing here.
>
> Any inputs on this would really help us.
>
> --
> Thanks & Regards,
> Murthy -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
>
> View/Reply Online (#14812): https://lists.fd.io/g/vpp-dev/message/14812
> Mute This Topic: https://lists.fd.io/mt/66962512/3587972
> Group Owner: vpp-dev+ow...@lists.fd.io
> Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [
> shivaashankar1...@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14814): https://lists.fd.io/g/vpp-dev/message/14814
Mute This Topic: https://lists.fd.io/mt/66962512/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] efficient use of DPDK

2019-12-05 Thread Honnappa Nagarahalli 


> -Original Message-
> From: vpp-dev@lists.fd.io  On Behalf Of Jerome Tollet via
> Lists.Fd.Io
> Sent: Wednesday, December 4, 2019 9:33 AM
> To: tho...@monjalon.net
> Cc: vpp-dev@lists.fd.io
> Subject: Re: [vpp-dev] efficient use of DPDK
>
> Actually native drivers (like Mellanox or AVF) can be faster w/o buffer
> conversion and tend to be faster than when used by DPDK. I suspect VPP is not
> the only project to report this extra cost.
It would be good to know other projects that report this extra cost. It will 
help support changes to DPDK.

> Jerome
>
> Le 04/12/2019 15:43, « Thomas Monjalon »  a écrit :
>
> 03/12/2019 22:11, Jerome Tollet (jtollet):
> > Thomas,
> > I am afraid you may be missing the point. VPP is a framework where 
> plugins
> are first class citizens. If a plugin requires leveraging offload (inline or
> lookaside), it is more than welcome to do it.
> > There are multiple examples including hw crypto accelerators
> (https://software.intel.com/en-us/articles/get-started-with-ipsec-acceleration-
> in-the-fdio-vpp-project).
>
> OK I understand plugins are open.
> My point was about the efficiency of the plugins,
> given the need for buffer conversion.
> If some plugins are already efficient enough, great:
> it means there is no need for bringing effort in native VPP drivers.
>
>
> > Le 03/12/2019 17:07, « vpp-dev@lists.fd.io au nom de Thomas Monjalon
> »  a écrit :
> >
> > 03/12/2019 13:12, Damjan Marion:
> > > > On 3 Dec 2019, at 09:28, Thomas Monjalon 
> wrote:
> > > > 03/12/2019 00:26, Damjan Marion:
> > > >>
> > > >> Hi THomas!
> > > >>
> > > >> Inline...
> > > >>
> > >  On 2 Dec 2019, at 23:35, Thomas Monjalon
>  wrote:
> > > >>>
> > > >>> Hi all,
> > > >>>
> > > >>> VPP has a buffer called vlib_buffer_t, while DPDK has 
> rte_mbuf.
> > > >>> Are there some benchmarks about the cost of converting, from 
> one
> format
> > > >>> to the other one, during Rx/Tx operations?
> > > >>
> > > >> We are benchmarking both dpdk i40e PMD performance and native
> VPP AVF driver performance and we are seeing significantly better
> performance with native AVF.
> > > >> If you taake a look at [1] you will see that DPDK i40e driver 
> provides
> 18.62 Mpps and exactly the same test with native AVF driver is giving us 
> arounf
> 24.86 Mpps.
> > [...]
> > > >>
> > > >>> So why not improving DPDK integration in VPP to make it 
> faster?
> > > >>
> > > >> Yes, if we can get freedom to use parts of DPDK we want 
> instead of
> being forced to adopt whole DPDK ecosystem.
> > > >> for example, you cannot use dpdk drivers without using EAL,
> mempool, rte_mbuf... rte_eal_init is monster which I was hoping that it will
> disappear for long time...
> > > >
> > > > You could help to improve these parts of DPDK,
> > > > instead of spending time to try implementing few drivers.
> > > > Then VPP would benefit from a rich driver ecosystem.
> > >
> > > Thank you for letting me know what could be better use of my time.
> >
> > "You" was referring to VPP developers.
> > I think some other Cisco developers are also contributing to VPP.
> >
> > > At the moment we have good coverage of native drivers, and still 
> there
> is a option for people to use dpdk. It is now mainly up to driver vendors to
> decide if they are happy with performance they wil get from dpdk pmd or they
> want better...
> >
> > Yes it is possible to use DPDK in VPP with degraded performance.
> > If an user wants best performance with VPP and a real NIC,
> > a new driver must be implemented for VPP only.
> >
> > Anyway real performance benefits are in hardware device offloads
> > which will be hard to implement in VPP native drivers.
> > Support (investment) would be needed from vendors to make it happen.
> > About offloads, VPP is not using crypto or compression drivers
> > that DPDK provides (plus regex coming).
> >
> > VPP is a CPU-based packet processing software.
> > If users want to leverage hardware device offloads,
> > a truly DPDK-based software is required.
> > If I understand well your replies, such software cannot be VPP.
>
>
>
>

IMPORTANT NOTICE: The contents of this email and any attachments are 
confidential and may also be privileged. If you are not the intended recipient, 
please notify the sender immediately and do not disclose the contents to any 
other person, use it for any purpose, or store or copy the information in any 
medium. Thank you.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14813): https://lists.fd.io/g/vpp-dev/message/14813
Mute This

[vpp-dev] vector size issue with Multi threaded VPP

2019-12-05 Thread Satya Murthy 
Retrying my luck once again.

Hi,

We are facing a strange problem when we moved from single worker to multi 
worker VPP.

Our application plugin registers for a specific udp port and gets the packets 
from udp_local node.

In Single Worker VPP:

We see that our app-plugin-node is receiving frames of bigger vector size ( 
most of the times 256 ), which is resulting is good performance figures.

In Multi Worker VPP: ( 2 workers )
==
Though we have two workers here, we are receiving udp packets from one worker 
only ( based on our rx-placement ).
With this model, we thought our performance would be atleast equal to the 
single worker mode, but we are seeing degraded performance.
In this mode, we see that, our app-plugin-node is receiving frames with vector 
size as 1 ( most of the times ), due to which, we are seeing degraded 
performance figures, we believe.
We checked the underlying udp-local node, and observed that, it is always 
receiving frames of vector sizes 256 and 99.99% of these frames belong to our 
plugin related udp port. Hence, they all are sent to our app-plugin-node. But 
these packets are received by our node with vector size as 1, in each frame, 
which is causing an issue.

We are using exact same test tool to pump the traffic in both single and multi 
thread VPP models.

Is there anything that we need to do to avoid vector sizes as 1 in this case ?
Also, any reason why this behavior is seen only when we have multi workers, 
even though the other worker is not really tampering with any of the packets 
that we are dealing here.

Any inputs on this would really help us.

--
Thanks & Regards,
Murthy
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14812): https://lists.fd.io/g/vpp-dev/message/14812
Mute This Topic: https://lists.fd.io/mt/66962512/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] Coverity run FAILED as of 2019-12-05 14:00:26 UTC

2019-12-05 Thread Noreply Jenkins 
Coverity run failed today.

Current number of outstanding issues are 2
Newly detected: 0
Eliminated: 1
More details can be found at  
https://scan.coverity.com/projects/fd-io-vpp/view_defects
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14811): https://lists.fd.io/g/vpp-dev/message/14811
Mute This Topic: https://lists.fd.io/mt/66953558/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] Should the packets input frome the backup slave member of a bond interface( the bond's mode is "active-backup") be processed in graph nodes? #vnet # #vpp

2019-12-05 Thread gencli 
[Edited Message Follows]

* 

As mentioned in the topic.

I use VPP's stable version 19.08 and do some config like this:
1. I create a bond interface and set bond mode as “active-backup”;
2. I add two phy port in bond as bond’s slavies;
3. I set all of the three interface up;

after do these configures, I run " *show bond details* ":
vpp# show bond details
BondEthernet0
mode: active-backup
load balance: active-backup
number of active slaves: 2
*TenGigabitEthernet3b/0/1*
*TenGigabitEthernet3b/0/0*
number of slaves: 2
TenGigabitEthernet3b/0/0
TenGigabitEthernet3b/0/1
device instance: 0
interface id: 0
sw_if_index: 3
hw_if_index: 3

We know that, BondEthernet0's two slaves:
TenGigabitEthernet3b/0/1 --- active
TenGigabitEthernet3b/0/0 ---  passive

When I use “trace add dpdk-input  100、show trace” to see how packets be 
processed. I see the packets which input frome 
TenGigabitEthernet3b/0/0(passive) still processed by vpp(such as "l2_learn").
Shouldn't these packets just be droped on bond-input graph node?

I met this problem:
___ TenGigabitEthernet3b/0/1(active) ---| port a of switch A      
port c of switch A |
BondEthernet0---/                                                               
                       |                                                        
       |
\___ TenGigabitEthernet3b/0/0(passive) ---| port b of switch A      
port d of switch A |

When a arp request out-put from TenGigabitEthernet3b/0/1(active) and in-put in 
"port a of switch A", it will flood to "port b/c/d of switch A"。
"Port b of switch A" will send it back to TenGigabitEthernet3b/0/0(passive) , 
then to BondEthernet0。If bond-input do not drop this packet, loopback 
happen!(MAC address flapping )

In my test, when arp loopback from bond's passive slave interface, MAC address 
flapping happen!
So are the packets come from TenGigabitEthernet3b/0/0(passive) should be 
dropped ? or What wrong config did I did? ro  
Please tell me, thanks!
Thanks!
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14810): https://lists.fd.io/g/vpp-dev/message/14810
Mute This Topic: https://lists.fd.io/mt/66952057/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[vpp-dev] Should the packets input frome the backup slave member of a bond interface( the bond's mode is "active-backup") be processed in graph nodes? #vnet # #vpp

2019-12-05 Thread gencli 
* 

As mentioned in the topic.

I use VPP's stable version 19.08 and do some config like this:
1. I create a bond interface and set bond mode as “active-backup”;
2. I add two phy port in bond as bond’s slavies;
3. I set all of the three interface up;

after do these configures, I run " *show bond details* ":
vpp# show bond details
BondEthernet0
mode: active-backup
load balance: active-backup
number of active slaves: 2
*TenGigabitEthernet3b/0/1*
*TenGigabitEthernet3b/0/0*
number of slaves: 2
TenGigabitEthernet3b/0/0
TenGigabitEthernet3b/0/1
device instance: 0
interface id: 0
sw_if_index: 3
hw_if_index: 3

We know that, BondEthernet0's two slaves:
TenGigabitEthernet3b/0/1 --- active
TenGigabitEthernet3b/0/0 ---  passive

When I use “trace add dpdk-input  100、show trace” to see how packets be 
processed. I see the packets which input frome 
TenGigabitEthernet3b/0/0(passive) still processed by vpp(such as "l2_learn").
Shouldn't these packets just be droped on bond-input graph node?

Thanks!
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#14810): https://lists.fd.io/g/vpp-dev/message/14810
Mute This Topic: https://lists.fd.io/mt/66952057/21656
Mute #vnet: https://lists.fd.io/mk?hashtag=vnet&subid=1480452
Mute #vpp: https://lists.fd.io/mk?hashtag=vpp&subid=1480452
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [vpp-dev] CSIT - performance tests failing on Taishan

2019-12-05 Thread Juraj Linkeš 
Hi Lijian,

The patch helped, I can't reproduce the issue now.

Thanks,
Juraj

-Original Message-
From: Lijian Zhang (Arm Technology China)  
Sent: Thursday, December 5, 2019 7:16 AM
To: Juraj Linkeš ; Peter Mikus -X (pmikus - 
PANTHEON TECH SRO at Cisco) ; Benoit Ganne (bganne) 
; Maciek Konstantynowicz (mkonstan) ; 
vpp-dev ; csit-...@lists.fd.io
Cc: Vratko Polak -X (vrpolak - PANTHEON TECH SRO at Cisco) ; 
Honnappa Nagarahalli 
Subject: RE: CSIT - performance tests failing on Taishan

Hi Juraj,
Could you please try the attached patch?
Thanks.
-Original Message-
From: Juraj Linkeš 
Sent: 2019年12月4日 18:12
To: Peter Mikus -X (pmikus - PANTHEON TECH SRO at Cisco) ; 
Benoit Ganne (bganne) ; Maciek Konstantynowicz (mkonstan) 
; vpp-dev ; csit-...@lists.fd.io
Cc: Vratko Polak -X (vrpolak - PANTHEON TECH SRO at Cisco) ; 
Lijian Zhang (Arm Technology China) ; Honnappa 
Nagarahalli 
Subject: RE: CSIT - performance tests failing on Taishan

Hi Ben, Lijian, Honnappa,

The issue is reproducible after the second invocation of show pci:
DBGvpp# show pci
Address  Sock VID:PID Link Speed   Driver  Product Name 
   Vital Product Data
:11:00.0   2  8086:10fb   5.0 GT/s x8  ixgbe
:11:00.1   2  8086:10fb   5.0 GT/s x8  ixgbe
0002:f9:00.0   0  15b3:1015   8.0 GT/s x8  mlx5_core   CX4121A - ConnectX-4 
LX SFP28   PN: MCX4121A-ACAT_C12

   EC: A1

   SN: MT1745K13032

   V0: 0x 50 43 49 65 47 65 6e 33 ...

   RV: 0x ba
0002:f9:00.1   0  15b3:1015   8.0 GT/s x8  mlx5_core   CX4121A - ConnectX-4 
LX SFP28   PN: MCX4121A-ACAT_C12

   EC: A1

   SN: MT1745K13032

   V0: 0x 50 43 49 65 47 65 6e 33 ...

   RV: 0x ba DBGvpp# show pci
Address  Sock VID:PID Link Speed   Driver  Product Name 
   Vital Product Data
:11:00.0   2  8086:10fb   5.0 GT/s x8  ixgbe
:11:00.1   2  8086:10fb   5.0 GT/s x8  ixgbe
Aborted
Makefile:546: recipe for target 'run' failed
make: *** [run] Error 134

I've tried to do some debugging with a debug build:
(gdb) bt
...
#5  0xbe775000 in format_vlib_pci_vpd (s=0x7efa9e80 "0002:f9:00.0   
0  15b3:1015   8.0 GT/s x8  mlx5_core   CX4121A - ConnectX-4 LX SFP28", 
args=0x7ef729b0) at /home/testuser/vpp/src/vlib/pci/pci.c:230
...
(gdb) frame 5
#5  0xbe775000 in format_vlib_pci_vpd (s=0x7efa9e80 "0002:f9:00.0   
0  15b3:1015   8.0 GT/s x8  mlx5_core   CX4121A - ConnectX-4 LX SFP28", 
args=0x7ef729b0) at /home/testuser/vpp/src/vlib/pci/pci.c:230
230   else if (*(u16 *) & data[p] == *(u16 *) id)
(gdb) info locals
data = 0x7efa9cd0 "PN\025MCX4121A-ACAT_C12EC\002A1SN\030MT1745K13032", 
' ' , "V0\023PCIeGen3 x8RV\001\272"
id = 0xaaa8  indent = 91 string_types = {0xbe7b7950 "PN", 
0xbe7b7958 "EC", 0xbe7b7960 "SN", 0xbe7b7968 "MN", 0x0} p = 0 
first_line = 1

Looks like something went wrong with the 'id' variable. More is attached.

As a temporary workaround (until we fix this), we're going to replace show pci 
with something else in CSIT: https://gerrit.fd.io/r/c/csit/+/23785

Juraj

-Original Message-
From: Peter Mikus -X (pmikus - PANTHEON TECH SRO at Cisco) 
Sent: Tuesday, December 3, 2019 3:58 PM
To: Juraj Linkeš ; Benoit Ganne (bganne) 
; Maciek Konstantynowicz (mkonstan) ; 
vpp-dev ; csit-...@lists.fd.io
Cc: Vratko Polak -X (vrpolak - PANTHEON TECH SRO at Cisco) ; 
lijian.zh...@arm.com; Honnappa Nagarahalli 
Subject: RE: CSIT - performance tests failing on Taishan

Latest update is that Benoit has no access over VPN so he did try to replicate 
in local lab (assuming x86).
I will do quick fix in CSIT. I will disable MLX driver on Taishan.

Peter Mikus
Engineer - Software
Cisco Systems Limited

> -Original Message-
> From: Juraj Linkeš 
> Sent: Tuesday, December 3, 2019 3:09 PM
> To: Benoit Ganne (bganne) ; Peter Mikus -X (pmikus - 
> PANTHEON TECH SRO at Cisco) ; Maciek Konstantynowicz
> (mkonstan) ; vpp-dev ; csit- 
> d...@lists.fd.io
> Cc: Vratko Polak -X (vrpolak - PANTHEON TECH SRO at Cisco) 
> ; lijian.zh...@arm.com; Honnappa Nagarahalli 
> 
> Subject: RE: CSIT - performance tests failing on Taishan
>
> Hi Benoit,
>
> Do you have access to FD.io lab? The Taishan servers are in it.
>
> Juraj
>
> -Original Message-